Continuous Monitoring – Part 2

Federal CM Model

I previously wrote about the various “functional areas” of continuous monitoring. According to the federal model, there are 15 functional areas comprising a comprehensive continuous monitoring solution, as shown in the graphic below. These functional areas are grouped into the following categories: Manage Assets, Manage Accounts, Manage Events, and Security Lifecycle Management. Each category addresses a […]

5-6 May 2014 Global Supply Chain Risk Assessment: A joint MORS/SARMA Workshop

The Security Analysis and Risk Management Association (SARMA) and the Military Operations Research Society (MORS) are partnering to help advance the body of knowledge around global supply chain risk management on 5 and 6 May. Please see the details below and click here to register. Please join us for a two-day workshop Global Supply Chain Risk […]

Virtuous Activity: GSA and DoD Announce Acquisition Cybersecurity and Resilience Recommendations

The GSA and DoD have just announced a new list of well-coordinated recommendations for ways to enhance overall cybersecurity through better acquisition processes. Download it at this link: “Improving Cybersecurity and Resilience through Acquisition”. We view this as a critically important activity that will help enhance overall resilience of DoD and other US Government […]

Attend This Cyber Security/Risk Discussion: I Guarantee You Will Be Smarter For it

One of my personal and professional IT heroes is Bob Bigman. He rose to senior leadership ranks in the IC by an ability to continuously learn and think and act and execute on hard tasks very well. He served as the CSO for CIA and since retiring from there has continued to help a broader […]

An Introduction to Risk Analysis

The goal of risk management is to deliver optimal security at a reasonable cost. This article introduces quantitative risk analysis, cost/benefit analysis, risk handling, and types of countermeasures. The CIA Triad: Risk is related to vulnerabilities, which threaten the confidentiality (C), integrity (I), and availability (A) of the assets. This is described as the CIA […]

Ready or not, software is eating the government contracting world

As readers of CTOvision you no doubt track the trends and are as aware as any of how software transforms industries, sometimes in shockingly brutal ways. I take no pleasure in telling any of you that my focus industry, the advanced technology sector around national security missions, is about to see massive, at times very […]